[ISSUE] Issue with databricks_secret_scope resource #4304

Open
DouglasSoaresMantovani opened this issue Dec 9, 2024 · 2 comments

DouglasSoaresMantovani commented Dec 9, 2024

Described issue

Error while creating the databricks_secret_scope in Terraform, as shown below.
The provider used is the databricks provider https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret_scope

ERROR:
Error: cannot create secret scope: Scope with Azure KeyVault must have userAADToken defined!

│ with module.dbw.databricks_secret_scope.kv,
│ on module/secret_scope.tf line 17, in resource "databricks_secret_scope" "kv":
│ 17: resource "databricks_secret_scope" "kv" {

Configuration

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "key_vault_id" {
  name = "kv-monetizacao-dev"
  tenant_id   = data.azurerm_client_config.current.tenant_id
  sku_name    = "standard"
  location    = var.location
  resource_group_name = var.resource_group_name
  purge_protection_enabled = true
}

resource "azurerm_key_vault_access_policy" "this" {
  key_vault_id       = azurerm_key_vault.key_vault_id.id
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = data.azurerm_client_config.current.object_id
  secret_permissions = ["Delete", "Get", "List", "Set"]
}

resource "databricks_secret_scope" "kv" {
  name = var.key_vault_secret_dns_name

  keyvault_metadata {
    resource_id = azurerm_key_vault.key_vault_id.id
    dns_name    = azurerm_key_vault.key_vault_id.vault_uri
  }
}

Expected Behavior

The databricks resource should be deployed without issues

Actual Behavior

The resource got the described error while trying to deploy

Steps to Reproduce

terragrunt run-all plan
terragrunt run-all apply

Terraform and provider versions

https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret_scope
Terraform 0.13+
terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "1.59.0"
    }
  }
}

Is it a regression?

Debug Output

ERROR:
Error: cannot create secret scope: Scope with Azure KeyVault must have userAADToken defined!

│ with module.dbw.databricks_secret_scope.kv,
│ on module/secret_scope.tf line 17, in resource "databricks_secret_scope" "kv":
│ 17: resource "databricks_secret_scope" "kv" {

Important Factoids

Would you like to implement a fix?

Contributor

alexott commented Dec 10, 2024

Have you seen this in the docs?

To create a secret scope from Azure Key Vault, you must use one of the Azure-specific authentication methods. Secret scopes backed by Azure Key Vault cannot be created using personal access tokens (PAT).

What authentication method are you using?

Author

DouglasSoaresMantovani commented Dec 10, 2024

I will check out this doc!!!
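
The documentation passage quoted in alexott's comment, shown as provider configuration. This is an added example, not part of the issue thread or the provider's own code; the variable names are assumptions, and it assumes the identity used also has access to the Key Vault.

```hcl
# Added example. All variable names below are assumptions for illustration.

variable "databricks_workspace_resource_id" {
  type        = string
  description = "Azure resource ID of the Databricks workspace"
}

# Ruled out by the quoted documentation: a personal access token (PAT).
# A provider configured like this cannot create a Key Vault-backed scope.
#
# provider "databricks" {
#   host  = var.databricks_host   # hypothetical variable
#   token = var.databricks_pat    # hypothetical variable
# }

# Azure-specific authentication: reuse the identity from `az login`.
# auth_type pins the method so a DATABRICKS_TOKEN left in the environment
# is not picked up instead.
provider "databricks" {
  azure_workspace_resource_id = var.databricks_workspace_resource_id
  auth_type                   = "azure-cli"
}

# Alternative Azure-specific method: a service principal with a client secret.
# Assumption: your provider version accepts it for Key Vault-backed scopes.
# Pass the secret through a variable marked sensitive, never a literal.
#
# provider "databricks" {
#   azure_workspace_resource_id = var.databricks_workspace_resource_id
#   azure_client_id             = var.client_id       # hypothetical variable
#   azure_client_secret         = var.client_secret   # hypothetical, sensitive
#   azure_tenant_id             = var.tenant_id       # hypothetical variable
# }

# The scope resource from the issue stays as posted.
resource "databricks_secret_scope" "kv" {
  name = var.key_vault_secret_dns_name

  keyvault_metadata {
    resource_id = azurerm_key_vault.key_vault_id.id
    dns_name    = azurerm_key_vault.key_vault_id.vault_uri
  }
}
```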
